name: Docker

on:
  workflow_dispatch:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  release:
    types: [published]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  packages: write

jobs:
  pre-job:
    runs-on: ubuntu-latest
    outputs:
      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - id: found_paths
        uses: dorny/paths-filter@v3
        with:
          filters: |
            server:
              - 'server/**'
              - 'openapi/**'
              - 'web/**'
              - 'i18n/**'
            machine-learning:
              - 'machine-learning/**'

      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"

  retag_ml:
    name: Re-Tag ML
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ["", "-cuda", "-openvino", "-armnn"]
    steps:
        - name: Login to GitHub Container Registry
          uses: docker/login-action@v3
          with:
            registry: ghcr.io
            username: ${{ github.repository_owner }}
            password: ${{ secrets.GITHUB_TOKEN }}
        - name: Re-tag image
          run: |
              REGISTRY_NAME="ghcr.io"
              REPOSITORY=${{ github.repository_owner }}/immich-machine-learning
              TAG_OLD=main${{ matrix.suffix }}
              TAG_NEW=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
              docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_NEW $REGISTRY_NAME/$REPOSITORY:$TAG_OLD

  retag_server:
    name: Re-Tag Server
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: [""]
    steps:
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Re-tag image
        run: |
          REGISTRY_NAME="ghcr.io"
          REPOSITORY=${{ github.repository_owner }}/immich-server
          TAG_OLD=main${{ matrix.suffix }}
          TAG_NEW=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_NEW $REGISTRY_NAME/$REPOSITORY:$TAG_OLD


  build_and_push_ml:
    name: Build and Push ML
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    env:
      image: immich-machine-learning
      context: machine-learning
      file: machine-learning/Dockerfile
    strategy:
      # Prevent a failure in one image from stopping the other builds
      fail-fast: false
      matrix:
        include:
          - platforms: linux/amd64,linux/arm64
            device: cpu

          - platforms: linux/amd64
            device: cuda
            suffix: -cuda

          - platforms: linux/amd64
            device: openvino
            suffix: -openvino

          - platforms: linux/arm64
            device: armnn
            suffix: -armnn

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3.3.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.8.0

      - name: Login to Docker Hub
        # Only push to Docker Hub when making a release
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        # Skip when PR from a fork
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Generate docker image tags
        id: metadata
        uses: docker/metadata-action@v5
        with:
          flavor: |
            # Disable latest tag
            latest=false
          images: |
            name=ghcr.io/${{ github.repository_owner }}/${{env.image}}
            name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch,suffix=${{ matrix.suffix }}
            # Tag with pr-number
            type=ref,event=pr,suffix=${{ matrix.suffix }}
            # Tag with git tag on release
            type=ref,event=tag,suffix=${{ matrix.suffix }}
            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}

      - name: Determine build cache output
        id: cache-target
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            # Essentially just ignore the cache output (PR can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT
          fi

      - name: Build and push image
        uses: docker/build-push-action@v6.12.0
        with:
          context: ${{ env.context }}
          file: ${{ env.file }}
          platforms: ${{ matrix.platforms }}
          # Skip pushing when PR from a fork
          push: ${{ !github.event.pull_request.head.repo.fork }}
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          build-args: |
            DEVICE=${{ matrix.device }}
            BUILD_ID=${{ github.run_id }}
            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
            BUILD_SOURCE_REF=${{ github.ref_name }}
            BUILD_SOURCE_COMMIT=${{ github.sha }}


  build_and_push_server:
    name: Build and Push Server
    runs-on: ubuntu-latest
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    env:
      image: immich-server
      context: .
      file: server/Dockerfile
    strategy:
      fail-fast: false
      matrix:
        include:
          - platforms: linux/amd64,linux/arm64
            device: cpu
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3.3.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.8.0

      - name: Login to Docker Hub
        # Only push to Docker Hub when making a release
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        # Skip when PR from a fork
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Generate docker image tags
        id: metadata
        uses: docker/metadata-action@v5
        with:
          flavor: |
            # Disable latest tag
            latest=false
          images: |
            name=ghcr.io/${{ github.repository_owner }}/${{env.image}}
            name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch,suffix=${{ matrix.suffix }}
            # Tag with pr-number
            type=ref,event=pr,suffix=${{ matrix.suffix }}
            # Tag with git tag on release
            type=ref,event=tag,suffix=${{ matrix.suffix }}
            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}

      - name: Determine build cache output
        id: cache-target
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            # Essentially just ignore the cache output (PR can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT
          fi

      - name: Build and push image
        uses: docker/build-push-action@v6.12.0
        with:
          context: ${{ env.context }}
          file: ${{ env.file }}
          platforms: ${{ matrix.platforms }}
          # Skip pushing when PR from a fork
          push: ${{ !github.event.pull_request.head.repo.fork }}
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          build-args: |
            DEVICE=${{ matrix.device }}
            BUILD_ID=${{ github.run_id }}
            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
            BUILD_SOURCE_REF=${{ github.ref_name }}
            BUILD_SOURCE_COMMIT=${{ github.sha }}

  success-check-server:
    name: Docker Build & Push Server Success
    needs: [build_and_push_server, retag_server]
    runs-on: ubuntu-latest
    if: always()
    steps:
      - name: Any jobs failed?
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"

  success-check-ml:
    name: Docker Build & Push ML Success
    needs: [build_and_push_ml, retag_ml]
    runs-on: ubuntu-latest
    if: always()
    steps:
      - name: Any jobs failed?
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"